| TIP: NIST SP 800-53 r4 - Security Control Family: Configuration Management

NIST SP 800-53 r4 - Security Control Family: Configuration Management - Controls for MODERATE Impact Systems, v4

Profile of requirements corresponding to all MODERATE impact security controls in NIST Special Publication 800-53, r4, under the control family of Configuration Management.

Identifier

https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4---security-control-family_-configuration-management---controls-for-moderate-impact-systems/4/

Publication Date

2021-04-26

Issuing Organization

TMI (https://trustmarkinitiative.org/) View Contact

No Responder

help@trustmarkinitiative.org

555-555-5555

No Mailing Address

Keywords

800-53, Configuration Management, NIST, Security, Moderate

Legal Notice

This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Tree View
Details View

Trust Expression:

TIP_NISTSP80053r4SecurityControlFamilyConfigurationManagementControlsforLOWImpactSystems and TIP_NISTSP80053r4SecurityControlCM1ConfigurationManagementPolicyandProcedures and TIP_NISTSP80053r4SecurityControlCM2BaselineConfiguration and TIP_NISTSP80053r4SecurityControlCM21ReviewsandUpdates and TIP_NISTSP80053r4SecurityControlCM23RetentionofPreviousConfigurations and TIP_NISTSP80053r4SecurityControlCM27ConfigureSystemsComponentsorDevicesforHighRiskAreas and TIP_NISTSP80053r4SecurityControlCM3ConfigurationChangeControl and TIP_NISTSP80053r4SecurityControlCM32TestValidateDocumentChanges and TIP_NISTSP80053r4SecurityControlCM4SecurityImpactAnalysis and TIP_NISTSP80053r4SecurityControlCM5AccessRestrictionsforChange and TIP_NISTSP80053r4SecurityControlCM6ConfigurationSettings and TIP_NISTSP80053r4SecurityControlCM7LeastFunctionality and TIP_NISTSP80053r4SecurityControlCM71PeriodicReview and TIP_NISTSP80053r4SecurityControlCM72PreventProgramExecution and TIP_NISTSP80053r4SecurityControlCM74UnauthorizedSoftwareBlacklisting and TIP_NISTSP80053r4SecurityControlCM8InformationSystemComponentInventory and TIP_NISTSP80053r4SecurityControlCM81UpdatesDuringInstallationsRemovals and TIP_NISTSP80053r4SecurityControlCM83AutomatedUnauthorizedComponentDetection and TIP_NISTSP80053r4SecurityControlCM85NoDuplicateAccountingofComponents and TIP_NISTSP80053r4SecurityControlCM9ConfigurationManagementPlan and TIP_NISTSP80053r4SecurityControlCM10SoftwareUsageRestrictions and TIP_NISTSP80053r4SecurityControlCM11UserInstalledSoftware

References (22)

TIP NIST SP 800-53 r4 - Security Control Family: Configuration Management - Controls for LOW Impact Systems, v4
Description	Profile of requirements corresponding to all LOW impact security controls in NIST Special Publication 800-53, r4, under the control family of Configuration Management.
ID	TIP_NISTSP80053r4SecurityControlFamilyConfigurationManagementControlsforLOWImpactSystems

TIP NIST SP 800-53 r4 Security Control CM-1: Configuration Management Policy and Procedures, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-1: Configuration Management Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM1ConfigurationManagementPolicyandProcedures

TIP NIST SP 800-53 r4 Security Control CM-2: Baseline Configuration, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2: Baseline Configuration. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM2BaselineConfiguration

TIP NIST SP 800-53 r4 Security Control CM-2 (1): Reviews and Updates, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (1): Reviews and Updates. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM21ReviewsandUpdates

TIP NIST SP 800-53 r4 Security Control CM-2 (3): Retention of Previous Configurations, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (3): Retention of Previous Configurations. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM23RetentionofPreviousConfigurations

TIP NIST SP 800-53 r4 Security Control CM-2 (7): Configure Systems, Components, or Devices for High-Risk Areas, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (7): Configure Systems, Components, or Devices for High-Risk Areas. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM27ConfigureSystemsComponentsorDevicesforHighRiskAreas

TIP NIST SP 800-53 r4 Security Control CM-3: Configuration Change Control, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3: Configuration Change Control. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM3ConfigurationChangeControl

TIP NIST SP 800-53 r4 Security Control CM-3 (2): Test / Validate / Document Changes, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3 (2): Test / Validate / Document Changes. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM32TestValidateDocumentChanges

TIP NIST SP 800-53 r4 Security Control CM-4: Security Impact Analysis, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-4: Security Impact Analysis. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM4SecurityImpactAnalysis

TIP NIST SP 800-53 r4 Security Control CM-5: Access Restrictions for Change, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5: Access Restrictions for Change. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM5AccessRestrictionsforChange

TIP NIST SP 800-53 r4 Security Control CM-6: Configuration Settings, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-6: Configuration Settings. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM6ConfigurationSettings

TIP NIST SP 800-53 r4 Security Control CM-7: Least Functionality, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7: Least Functionality. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM7LeastFunctionality

TIP NIST SP 800-53 r4 Security Control CM-7 (1): Periodic Review, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (1): Periodic Review. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM71PeriodicReview

TIP NIST SP 800-53 r4 Security Control CM-7 (2): Prevent Program Execution, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (2): Prevent Program Execution. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM72PreventProgramExecution

TIP NIST SP 800-53 r4 Security Control CM-7 (4): Unauthorized Software / Blacklisting, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (4): Unauthorized Software / Blacklisting. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM74UnauthorizedSoftwareBlacklisting

TIP NIST SP 800-53 r4 Security Control CM-8: Information System Component Inventory, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8: Information System Component Inventory. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM8InformationSystemComponentInventory

TIP NIST SP 800-53 r4 Security Control CM-8 (1): Updates During Installations / Removals, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (1): Updates During Installations / Removals. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM81UpdatesDuringInstallationsRemovals

TIP NIST SP 800-53 r4 Security Control CM-8 (3): Automated Unauthorized Component Detection, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (3): Automated Unauthorized Component Detection. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM83AutomatedUnauthorizedComponentDetection

TIP NIST SP 800-53 r4 Security Control CM-8 (5): No Duplicate Accounting of Components, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (5): No Duplicate Accounting of Components. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM85NoDuplicateAccountingofComponents

TIP NIST SP 800-53 r4 Security Control CM-9: Configuration Management Plan, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-9: Configuration Management Plan. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM9ConfigurationManagementPlan

TIP NIST SP 800-53 r4 Security Control CM-10: Software Usage Restrictions, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-10: Software Usage Restrictions. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM10SoftwareUsageRestrictions

TIP NIST SP 800-53 r4 Security Control CM-11: User-Installed Software, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-11: User-Installed Software. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM11UserInstalledSoftware

Sources (1)

SP800-53R4	NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4.

Also available as XML or JSON